> he way stuff fails when it runs out of memory is really confusing
have you checked what your `vm.overcommit_ratio` is? If its < 100%, then you will get OOM kills even if plenty of RAM is free since the default is 50 i.e. 50% of RAM can be COMMITTED and no more.
curious what kind of failures you are alluding to.
For anyone feeling brave enough to disable overcommit after reading this, be mindful that default `vm.overcommit_ratio` is 50% which means that if no swap is available, on a system with 2GB of total RAM, more than 1GB of RAM can't be allocated and requests will fail with preemptive OOMs. (e.g. postgresql servers typically disable overcommit)
Nice usability features definitely. Apart from that how would you say it compares against something like sysdig falco / cilium + tetragon?
Apart from this a major issue is DNS based dynamic filtering which is way batter to get right in a Kubernetes environment with something like Cilium. IP lists are impossible to manage with modern level of third party integrations.
I would have expected at least Virustotal to flag them if that were the case. It does more than just looking up in a database of known malicious URLs and I think the reputation of the domains is the key factor here.
It is the same for nested links as well. They mostly have a chain of links, each one taking you to a new one with hop count ranging anywhere from 5 up to 10 or more.
You are right about short expiry times but another catch here is that if pre-signed URLs are being leaked in an automated fashion, these services also keep the downloaded content from these URLs around. I found various such examples where links no longer work, but PDFs downloaded from pre-signed URLs were still stored by scanning services.
> In the process of scanning websites, urlscan.io will sometimes encounter file downloads triggered by the website. If we are able to successfully download the file, we will store it, hash it and make it available for downloading by our customers.
OP here. Another interesting attack vector I have been working on is OSC 8 for hyperlink support in terminals. Mostly they allow arbitrary url schemes including "ssh://" without any prompt or user interaction to consent to open an external tool like ssh client in this case.
https[:]//erasmus-plus.ec.europa.eu/sites/default/files/2026-05/mortal-kombat-2-cs.pdf